<?php
require_once("DB_Config.php"); // Access To Data Base
require_once("func.php"); //Access To session_start

/*MAIN Function For Registration Errors */
function userRegister( $myusername, $myfirstname, $mylastname, $myemail, $myemailc, $mypassword, $mypasswordc, $myposition )
{
	$insection = '111111111111';
	$db_connect = DB_Connection::getInstance();
	session_start_ifRequired();

	// To protect MySQL injection (more detail about MySQL injection)
	$myusername = stripslashes($myusername); //Remove's Slashes
	$myfirstname = stripslashes($myfirstname);
	$mylastname = stripslashes($mylastname);
	$myemail = stripslashes($myemail);
	$myemailc = stripslashes($myemailc);
	$mypassword = stripslashes($mypassword);
	$mypasswordc = stripslashes($mypasswordc);
	$myposition = stripslashes($myposition);
	$myusername = mysql_real_escape_string($myusername); //Removes password='' OR ''=''
	$myfirstname = mysql_real_escape_string($myfirstname);
	$mylastname = mysql_real_escape_string($mylastname);
	$myemail = mysql_real_escape_string($myemail);
	$myemailc = mysql_real_escape_string($myemailc);
	$mypassword = mysql_real_escape_string($mypassword);
	$mypasswordc = mysql_real_escape_string($mypasswordc);
	$myposition = mysql_real_escape_string($myposition);

	$registration_flag = 1;

	if ( strlen($myusername) < 2 ) {  //username to short
		$insection[1] = 0;
		$registration_flag = 0; 
	}
	if (  !(preg_match("/^[a-zA-Z0-9]{3,10}$/", $myusername)) ) { //username have to be from letters and numbers
		$insection[2] = 0;   
		$registration_flag = 0; 
	}
	if ( strlen($myfirstname) < 2 ) { //first name to short
		$insection[3] = 0;   
		$registration_flag = 0; 
	}
	if ( !(preg_match("/^[a-zA-Z]+$/", $myfirstname)) ) {//first name have to be from letters
		$insection[4] = 0; 
		$registration_flag = 0; 
	}
	if ( strlen($mylastname) < 2 ) { //last name to short
		$insection[5] = 0;   
		$registration_flag = 0; 
	}
	if ( !(preg_match("/^[a-zA-Z]+$/", $mylastname))  ) { //last name have to be from letters and numbers
		$insection[6] = 0; 
		$registration_flag = 0; 
	}
	if ( !(filter_var($myemail, FILTER_VALIDATE_EMAIL)) ) { //This email address is not valid
		$insection[7] = 0; 
		$registration_flag = 0;
	}
	if ( strlen($myposition) != 3 ) { 
		$registration_flag = 0; 
	}
	if ($myemail != $myemailc){  //This emails not the same
		$insection[8] = 0; 
		$registration_flag = 0;
	}
	if ( !(preg_match("/^[a-zA-Z0-9]{6,10}$/", $mypassword)) ) { // Your password is to weak
	 	$insection[9] = 0; 		//preg_match - checks RegEx for only numbers&letters
	 	$registration_flag = 0;
	}
	if ($mypassword != $mypasswordc){  //This passwords not the same
		$insection[10] = 0; 
		$registration_flag = 0;
	}

	//checking if username already exists or user registerd already by email
	$sql="SELECT * FROM users WHERE username= ? or email= ? ";
	$stmt = $db_connect->db_conn->prepare($sql);	
	$param=array($myusername, $myemail);
	$mypassword=md5($mypassword);

	if ($stmt->execute($param)){
		$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
		$count=count($row);

		if($count>0){   //Count > 0 Registration Failed
			// echo "Count>0";
			$insection[11] = 0; //for registration errors text
			$registration_flag = 0; //for registration errors on the page
		}

		if($registration_flag == 1){ //Count == 0 Registration Success
			
			$sql = "INSERT INTO members(username, password, priv)
					VALUES (?,?,?)";
			$stmt = $db_connect->db_conn->prepare($sql);
			$param=array($myusername,$mypassword, $myposition);
			if($stmt->execute($param)){


				$sql = "INSERT INTO users(username,first_name, last_name, email)
				VALUES (?,?,?,?)";
				$stmt = $db_connect->db_conn->prepare($sql);
				$param=array($myusername,$myfirstname,$mylastname,$myemail);
				if($stmt->execute($param)){


					//USER LOGIN AFTER ACCOUNT REGISTRATION
					$sql="SELECT * FROM members WHERE username= ? and password= ? ";
					$stmt = $db_connect->db_conn->prepare($sql);
					$param=array($myusername,$mypassword);
					if($stmt->execute($param)){


						$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
						$p=$row[0]['priv']; // Col in Line
						$count=count($row);
						if($count==1){
							// Register $myusername, $mypassword Opens Session for current user
							$_SESSION['valid']=1;
							$_SESSION['myusername'] = $myusername;
							$_SESSION['mypassword'] = $mypassword;
							$_SESSION['p'] = $p;
							return $insection;
						
						}else { //Wrong Username or Password
							$insection[0]=2;
							return $insection;
						}
					
					}else { //login error
							$insection[0]=2;
							return $insection;
						}
				
				}else{// insert into members failed				
					$insection[0]=0;
					return $insection;
				}
			
			}else{// insert into users failed				
				$insection[0]=0;
				return $insection;
			}
		
		}else{// registration_flag = 0				
			$insection[0]=0;
			return $insection;
		}	
	
	}else{// error on main execut of query				
				$insection[0]=0;
				return $insection;
			}	
}
?>
